Risk monitoring of an pseudonymisation service based on TRICK Service

TRICK Service (Tool for Risk management of an ISMS based on a Central Knowledge base) is a risk assessment & management web application for identification, analysis and estimation of assets, threats, vulnerabilities, risk scenarios and security measures. TRICK Service enables to determine a list of security measures to implement in order to reduce the impact or the occurrence likelihood of possible risk scenarios.

The presentation illustrates how risk parameter like security implementation rates, threats likelihood, and impact values are calculated in real time with inputs from security monitoring tools, so that the current risk situation is reflected. Lessons learned from applied risk monitoring on an itrust consulting service providing pseudonymisation for student evaluation tests are discussed.

About Ben Fetler

Ben Fetler, Owner of a Master’s degree (Reutlingen University) in Business Information Systems, is a part of itrust since 2012. During 2 internships at itrust consulting, he developed beneath others models to measure the uncertainty of risk estimations and the maturity of security measures coming from ISO/IEC 27001. Today he mainly assists service providers to get ISO/IEC 27001 certified and conducting risk analyses. Additionally he is member of the technical committee ISO/TC 262 – Risk Management and product owner of the risk analysis tool TRICK Service. Currently he is involved in a national research project to develop a real time risk monitoring system.